Neophyte • 3 Messages • 40 Points

Saturday, May 2nd, 2020 4:16 PM

Closed

Malware detected OSX_REFOGKEYLOGGER.MSGKD15

Hello,

Trend found and cleaned OSX_REFOGKEYLOGGER.MSGKD15 on my Mac on 1st May 2020, do you know this malware (is it a real one)?

How can I be sure that no file is infected (hard drive and USB device)?

Thank you

Brand User

Trend Security Expert • 766 Messages • 15.4K Points

4 years ago

Hi, christophe.veron!

Welcome to Trend Micro Home Users Community.

To verify the detection, may we know the path/location of the file detected?

Awaiting your response.

- Kath

Neophyte • 3 Messages • 40 Points

Hello,

Thank you for your answer.

The path/location of the detected file is (copy of scan log):

OSX_REFOGKEYLOGGER.MSGKD15,/Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/4D961BFC-5992-4E2B-8AB8-985942EB4D02.activeSandbox/Root/Library/Apple/System/Library/CoreServices/MRT.app/Contents/MacOS/.BC.T_KiFtlb,Nettoyé,"01/05/2020, 10:56:23"

Thank you for your help.

Chris.

Brand User

Superstar • 579 Messages • 9.4K Points

Thank you for your response, christopheveron.

This notification was to let you know that Trend Micro was able to detect and delete the threat right away. Rest assured, your device is safe and no longer infected.

Let me know if you have more questions.

- Cathy

Neophyte • 3 Messages • 40 Points

Hello Catherine,

Thank you for your answer,

I found the same problem on the Japanese Trend Community: https://ja.community.trendmicro.com/conversations/%E3%82%A6%E3%82%A4%E3%83%AB%E3%82%B9%E3%83%90%E3%82%B9%E3%82%BF%E3%83%BC-for-mac/%E3%82%A6%E3%82%A4%E3%83%AB%E3%82%B9%E3%83%90%E3%82%B9%E3%82%BF%E3%83%BC-for-mac-%E3%81%A7mrt%E3%81%8C%E9%A7%86%E9%99%A4%E3%81%A7%E3%81%8D%E3%81%AA%E3%81%84/5eab70eb35f40c2e79d86e46

Is it a new malware? Do you consider that the problem is solved or might evolve?

Thank you for your help.

Christophe.

Brand User

Trend Security Expert • 758 Messages • 13.5K Points

Thank you for your response, christopheveron.

This happens because the MRT file is a built-in security of Apple. It's possible that the file has been updated, thus the Trend Micro program detected it. We've immediately had the file reviewed for its integrity and updated our pattern. After a manual update, it should no longer be detected.

You may try the instructions provided on our knowledge-based website to resolve this:

How to perform manual update

Hope this helps. Awaiting your response.

- Rochelle

1 Message • 10 Points

4 years ago

Trend Micro found osx_refogkeylogger.msgkd15 after I downloaded the latest update to DVD Creator by iSkysoft which is a Chinese company. iSkysoft’s products have been on the App Store for years. I wonder if the software company was hacked.

Brand User

Legend • 682 Messages • 10.1K Points

Hi, ivanfred651.

Upon checking, we have found out that the file is not malicious.

It's possible that the file has been updated, thus the Trend Micro program detected it. We've immediately had the file reviewed for its integrity and updated our pattern. After a manual update, it should no longer be detected.

You can follow the instructions on the link below on how to do a manual update:

How to perform manual update

Hope this helps. Let us know if you need further assistance.

- Kim
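For triaging a detection like the one in this thread, the following added example (not part of the original posts and not Trend Micro's code) parses scan-log lines in the format quoted above and marks entries that sit inside an Apple-managed app bundle as candidates for a false-positive report. The column order is inferred from the single log line in the thread; the second sample line, the prefix list and all function names are assumptions.

```python
import csv
from datetime import datetime
from pathlib import PurePosixPath

# Constructed input: line 1 is the scan-log entry quoted in the thread,
# line 2 is a made-up detection whose path contains a comma.
SAMPLE_LOG = (
    'OSX_REFOGKEYLOGGER.MSGKD15,/Library/Apple/System/Library/InstallerSandboxes/'
    '.PKInstallSandboxManager-SystemSoftware/4D961BFC-5992-4E2B-8AB8-985942EB4D02'
    '.activeSandbox/Root/Library/Apple/System/Library/CoreServices/MRT.app/'
    'Contents/MacOS/.BC.T_KiFtlb,Nettoyé,"01/05/2020, 10:56:23"\n'
    'OSX_EXAMPLE.A,/Users/example/Downloads/a,b.pkg,Nettoyé,"01/05/2020, 11:02:10"\n'
)

# Assumption: locations that Apple's own software updates write to.
APPLE_MANAGED_PREFIXES = ("/Library/Apple/", "/System/")


def parse_entry(line):
    """Split one log line into detection, path, action and timestamp."""
    row = next(csv.reader([line]))
    if len(row) < 4:
        raise ValueError(f"unexpected log line: {line!r}")
    # The path is not quoted in the log, so a comma inside it yields extra
    # fields; the first field and the last two are fixed, the rest is the path.
    path = ",".join(row[1:-2])
    when = datetime.strptime(row[-1], "%d/%m/%Y, %H:%M:%S")  # day first
    return {"detection": row[0], "path": path, "action": row[-2], "when": when}


def triage(entry):
    """Add fields that tell a reviewer where the flagged file lives."""
    parts = PurePosixPath(entry["path"]).parts
    bundle = None
    for i, part in enumerate(parts):
        if part.endswith(".app"):  # enclosing application bundle
            bundle = str(PurePosixPath(*parts[: i + 1]))
            break
    apple = entry["path"].startswith(APPLE_MANAGED_PREFIXES)
    return {**entry, "bundle": bundle, "apple_managed": apple,
            "installer_sandbox": "InstallerSandboxes" in parts,
            # Not a verdict: only marks entries worth reporting to the vendor.
            "false_positive_candidate": apple and bundle is not None}


def triage_log(text):
    return [triage(parse_entry(l)) for l in text.splitlines() if l.strip()]
```

A flagged candidate still needs confirmation, for instance by checking the bundle's signature with `codesign --verify --deep --strict` before asking the vendor to review the detection.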
